411 matches found
Beijing Baichuo Smart S85F Management Platform Operating System Command Injection Vulnerability
Beijing Baichuo Smart S85F Management Platform is a management platform of Beijing Baichuo Company. Beijing Baichuo Smart S85F Management Platform suffers from an operating system command injection vulnerability, which originates from unknown processing in sysmanage/importconf.php and results in...
CVE-2023-34051
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...
DTS Monitoring Operating System Command Injection Vulnerability
DTS Monitoring is an information system monitoring platform from DTS Corporation. An operating system command injection vulnerability exists in DTS Monitoring version 3.57.0, which originates from the commonname parameter in the SSL certificate check function being susceptible to operating system...
Desdev DedeCMS OS Command Injection Vulnerability
Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) from the Chinese company Zhuozhuo Network (Desdev). The system has content publishing, content management, content editing and content retrieval functions. An operating system command injection...
PHOENIX CONTACT WP 6xxx series web panels Operating System Command Injection Vulnerability
PHOENIX CONTACT WP 6xxx series web panels are a series of web panels from PHOENIX CONTACT, Germany. An operating system command injection vulnerability exists in PHOENIX CONTACT WP 6xxx series web panels prior to version 4.0.10, which originates in the web panels, where uploading credentials t...
Ruijie Networks BCR810W Operating System Command Injection Vulnerability
The Ruijie Networks BCR810W is an intelligent cloud router from Ruijie Networks China. An operating system command injection vulnerability exists in the Ruijie Networks BCR810W version 2.5.10. An attacker could exploit this vulnerability to conduct an OS command injection attack...
IBM Security Directory Suite Operating System Command Injection Vulnerability
IBM Security Directory Suite is a scalable, standards-based identity platform from International Business Machines (IBM) that simplifies identity and directory management. An operating system command injection vulnerability exists in IBM Security Directory Suite VA, which can be exploited by an...
CVE-2023-26210
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities (CWE-78) in Fortinet allow a local authenticated attacker to execute arbitrary shell code as root user via crafted CLI requests...
"WPS Office" vulnerable to OS command injection
Overview: "WPS Office", which was provided by KINGSOFT JAPAN, INC., contains an OS command injection vulnerability (CWE-78). Impact: If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends specially crafted data, an arbitrary OS command may...
KbDevice digital video recorders Operating System Command Injection Vulnerability
The KbDevice KB-AHR04D is an AHD hybrid recorder from KbDevice. A security vulnerability exists in KbDevice digital video recorders. An attacker could exploit this vulnerability to perform an operating system command injection attack...
CVE-2023-25554
A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Cent...
pyMedusa Operating System Command Injection Vulnerability
pyMedusa is an open source automated video library manager for TV programs. An operating system command injection vulnerability exists in versions prior to pymedusa 1.0.12. An attacker can exploit this vulnerability to update the git executable path in /config/general/advanced settings usi...
CVE-2023-24229
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Checkmk Operating System Command Injection Vulnerability
Checkmk is an editor. Tribe29 Checkmk suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute arbitrary commands within the local privileges of the application...
SUSE CVE-2022-43758
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for a user with the ability to add an untrusted Helm catalog or modify the URL configuration used to download KDM (only admin users by default). This issue...
ZOHO ManageEngine SupportCenter Plus Operating System Command Injection Vulnerability
ZOHO ManageEngine SupportCenter Plus is a Web-based customer support software from ZOHO, Inc. It is used to allow organizations to efficiently manage customer requests, their account and contact information, service contracts, and provide an exceptional customer experience in the process. A...
is-http2 Operating System Command Injection Vulnerability
is-http2 is a module by individual developer Stefan Judis: a simple module for checking whether certain servers support HTTP/2. An operating system command injection vulnerability exists in is-http2, which stems from a lack of input sanitization or other checks and the use of sandboxing by the isH...
Siretta QUARTZ-GOLD Operating System Command Injection Vulnerability
Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta. The Siretta QUARTZ-GOLD is vulnerable to an operating system command injection vulnerability, which can be exploited by attackers to cause the execution of arbitrary commands by sending specially crafted...
PT-2023-14127 · Siretta · Siretta Quartz-Gold
Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 Description: Several OS command injection vulnerabilities exist in the m2m binary. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network...
Brave Operating System Command Injection Vulnerability
Brave is a fast, private and secure web browser from Brave USA. Brave UX for-the-badge suffers from an operating system command injection vulnerability that stems from several unknown functions in its .github/workflows/combine-prs.yml file that allows an attacker to implement system command...